Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-22286

[QA](7.4.z) JBJCA-1427 - not possible to bypass GSSCredentials using Datasource.getConnection(username,password)

XMLWordPrintable

    • False
    • False
    • Regression
    • +
    • Undefined
    • Workaround Exists
    • Hide

      System property

      ironjacamar.jdbc.kerberos.copygsscredentials=true
      
      Show
      System property ironjacamar.jdbc.kerberos.copygsscredentials= true
    • Hide

      configuration from JBEAP-21373 can be used for debugging

      Show
      configuration from JBEAP-21373 can be used for debugging

      Tested with EAP from 7.4.x branch, commit 59e4f3297c1de493e4ff14492dbf0b73bde86cb3

      After JBEAP-21373 it is not possible to overload authentication defined in server configuration with DataSource.getConnection(username, password)

      <datasource jndi-name="java:jboss/datasources/TestDatasource" pool-name="TestDatasource" spy="true" statistics-enabled="true">
          <connection-url>URL</connection-url>
          <connection-property name="oracle.net.authentication_services">
              (KERBEROS5)
          </connection-property>
          <driver>jdbc_driver</driver>
          <pool>
              <min-pool-size>0</min-pool-size>
              <max-pool-size>1</max-pool-size>
              <prefill>false</prefill>
              <allow-multiple-users>true</allow-multiple-users>
          </pool>
          <security>
              <security-domain>DatabaseUser</security-domain>
          </security>
      </datasource>
      

      And in the application then:

      @Resource(lookup = Constants.DATASOURCE_JNDI_NAME)
      private DataSource ds;
      
      ....
      
      ds.getConnection(username, password)
      

      username and password from getConnection method call should be used but kerberos authentication is used instead

              rhn-engineering-lgao Lin Gao
              msimka@redhat.com Martin Simka
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: